Personal Data

Last update on 13 September 2018

PREAMBLE

This Personal Data Policy is binding for LOUVRE HOTELS GROUP (hereinafter, “LOUVRE HOTELS GROUP”, “us”, “our”). This Policy is applicable to all processing of Personal Data as undertaken on the following websites: Louvrehotels.com; Campanile.com; Premiereclasse.com; Kyriad.com; Goldentulip.com; Pro.louvrehotels.com; Hotelforyou.com; Passforyou.com; Passforyouentreprise.com; Wbe.goldentulip.com; webbooking.louvre-hotels.fr; http://webbooking.louvre-hotels.fr/ca/; http://webbooking.louvre-hotels.fr/ky/; http://webbooking.louvre-hotels.fr/pc/ and their related subdomains, as well as the mobile applications HOTELSFORYOU and SESAME.

These Websites apply to all or part of the hotel brands Campanile, Première Classe, Kyriad and Golden Tulip (hereinafter, our “Hotels”).

Louvre Hotels Group belongs to Jin Jiang International Co., Ltd., one of the largest conglomerates of tourism and travel in China.

We offer Visitors, Users and Guests (hereinafter “you”) via our website, https://www.louvrehotels.com/fr/do-dare-dream and via the websites and mobile applications dedicated to our various brands and those of the Hotels in our Network, an online Reservation Service for hotel rooms and related services (such as our rewards program, events or contests) (hereinafter, the “Website(s)”). These Services may also be offered, in whole or in part, to you in person when checking into one of our Hotels or when you make a reservation using an online hotel comparison site or hotel search engine.

To provide these Services, we are required to collect and process some of your Personal Data. Because respecting your privacy is important to us and warrants the trust you place in us, we have implemented this Policy (hereinafter “Personal Data Policy”) to demonstrate our transparency and to inform you of:

the methods for collecting and processing your Personal Data by LOUVRE HOTELS GROUP;

the commitments undertaken by LOUVRE HOTELS GROUP to ensure that your Personal Data is secure;

the obligations of LOUVRE HOTELS GROUP, but also your obligations to ensure maximum protection of your data.

Your privacy is important and for this reason we have implemented the necessary measures for protecting and minimizing the Personal Data that we collect and process, for compliance with the new General Data Protection Regulation[1] (hereinafter, “GDPR”) and the French Data Protection Act[2].

With this in mind, our policy is designed by default to implement the principles for protecting your privacy by respecting the principles of the GDPR and the law on data protection, with particular regard to:

the security of your Personal Data,

compliance with the lawful processing of your Data,

transparently processing your Data for a specific purpose,

compliance with the conservation periods appropriate for the purposes of processing your Data,

compliance with ensuring your Data is accurate,

respecting your rights and confidence in processing your Data,

compliance with the proper guarantees regarding the transfer of your Data outside of the European Economic Area.

To facilitate the reading of our Data Protection Policy, the terms beginning with capital letters, such as “Personal Data”, “Guest”, “Users” or “Network”, are explained in the definitions section, Article 14 of this Personal Data Policy.

[1] Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)

We are processing your Personal Data as the Data Controller, which means that we monitor the manner in which the Personal Data are processed and we decide the purpose for such. This also means that we give specific instructions to our subcontractors that may process your Personal Data on our behalf and to execute the Services for your benefit.

We, LOUVRE HOTELS GROUP, are a simplified joint-stock company with a registered capital of €117,624,016, Nanterre Companies and Trade Register number 309 071 942, with its main office located at 50 place de l'Ellipse Village 5, CS 70050, 92081 La Défense Cedex – France.

Please contact us with any questions, information requests or complaints as described in Article 5 herein.

We mostly collect identification and contact data (first name, last name, email address, etc.), that allows us to know who you are in order to better manage your reservations and our commercial relationship, or in other words for better management of our Websites and your Guest Account. To provide you with customized offers, we also process data related to your interests based on your consumer data during your stay at our facilities.

This means that we collect data resulting from interactions with you on our Websites, by phone, via mobile applications, hotel comparison sites and search engines or directly during your stay.

The primary uses for your Personal Data are:

| Why do we process your Personal Data? | What data do we collect? |
| --- | --- |
| For hotel room reservations or creating a Guest Account or following up on your reservation via our client services | Your identification data such as: title, first name, last name, email address, mailing address, date of birth, phone or mobile number and phone conversations that may have been recorded when making a reservation by phone. The data regarding your stay: dates, number of nights, destination, presence of an adult/child. |
| To provide you with our promotional offers and offers from our partners | Your contact information, your geolocation data if you are using a mobile device and your interests and consumer data |

In general, failure to fill in the fields labeled with an asterisk (*) on the Website does not allow us to provide all or part of the Services that we offer and the functionality of the Website and your request may not be considered.

The other fields are optional and serve to improve the quality of the Services offered.

If the form (rating, contact, etc.) has an open field, we ask that you not provide any personal information and limit the information to what is strictly necessary for processing your request. We reserve the right to delete all unnecessary information regarding your request.

If using one of our mobile phone applications, we may have access to information such as the phone model or its operating system.

If you access the Services via one of our mobile applications with a phone with your location activated, we may be able to locate your phone to optimize our Service and to personalize the content of our offers and Services. You can turn off your location at any time.

Data collected indirectly

We may collect your Personal Data through some of our partners which register your reservation on their websites and may, as appropriate, collect payment on our behalf.

They may collect and send data necessary for your reservation. These partners may collect other data on their own behalf, to which we have no access.

These companies process the Personal Data you provide on their own behalf. As a result, we recommend you review their confidentiality policy to understand how and why they process the Data you provide.

the legal basis of fulfillment of a contract or pre-contractual measures made at your request, such as the registration and management of your reservations, billing or membership to a rewards program;

on the basis of your consent;

on the basis of the rightful interests of LOUVRE HOTELS GROUP. The rightful interests of LOUVRE HOTELS GROUP may include:

- managing your requests for information and your ratings online in order to improve user experience and our approach towards our guests;

- managing the Wi-Fi networks in our Hotels and restaurants;

- use of video surveillance for your security and the security of our hotels;

- using information provided in your Guest Account and that which we collect during your stay in order to customize the Services offered;

- offering you customized promotions and recommendations including those from our Hotels and partners;

- sending you emails to the email address you have indicated;

- sharing your Data with some of our partners: if you wish to refuse, we recommend you review Article 4;

- implementation of telemarketing sales tools and constant improvement of your buying experience;

- management and administration of the Website;

lastly, on the basis of a legal obligation, for example when we collect your information in order to respond to your request to exercise your rights

the management and administration of our various Websites;

- managing registration and verification of the registration terms for a Guest Account;

- managing access to your Guest Account;

- managing cookies according to the terms defined in the Cookies Usage Policy;

managing your stay at the hotel;

- registering you;

- offering you a Wi-Fi network in our Hotels and restaurants;

- tracking your purchases on site;

- managing our guest lists;

- ensuring the security of our Hotels and that of our guests;

- complying with local legislation;

Informing you of promotional offers (LOUVRE HOTELS GROUP), as well as from companies with which we have sales agreements, allowing us to, with your consent, provide combined offers, such as EUROPCAR, which offers car rental services;

analysis of connection and browsing data for customized advertising of the Website’s services;

providing sharing tools on social networks

Important: for these operations, we hereby inform you that you may exercise your right to opt out of sales prospecting, which once processed in accordance with the terms of Article 4, ensures that your data will no longer be processed for this purpose.

Managing your requests

In accordance with the provisions of Articles 15-21 of the GDPR and Articles 38-40 of the French Data Protection Act, you, as a person subject to the processing of Personal Data, have the right to access, correction, deletion, limitation and portability of your Personal Data processed.

You also have the right to submit a complaint to the competent authority, for example in France, the CNIL (Commission Nationale de l’Informatique et des Libertés [French Data Protection Authority]).

If the processing of Personal Data requires your consent, you may withdraw your consent at any time.

You may exercise these rights at any moment and at no cost, unless the request is unfounded or abusive (for example, if the request is repetitive). If this occurs, we reserve the right, in accordance with the GDPR, to demand reasonable payment of fees (based on the administrative costs of your request) or to refuse your request.

LOUVRE HOTELS GROUP hereby informs you that it has a department responsible for matters related to protection of personal data that can be reached by: dpo@groupedulouvre.com

Village 5-50 place de l’Ellipse

92081 La DEFENSE CEDEX, France

Your Rights

Use

Rights to access

The right to know if we have your Personal Data and to obtain a copy, in addition to the following information:

The purpose for which it is being processed, the type of Personal Data processed, the types of recipients of the data, the period for which this is possible (or other criteria for determining the duration), and your rights.

Right to deletion (right to be forgotten)

The right to have your Personal Data deleted according to the terms of the GDPR, Article 17, primarily:

Once the data processed is no longer necessary; if you object to sales prospecting and request for your information to be deleted in addition to not being processed; if the processing is unlawful.

Right to opposition

Right to refuse commercial market research

· This right is applicable if we process your data in order to pursue our rightful interests. In the event that you file an objection, we will review the reasons regarding your particular situation and study if we have a legitimate and compelling reason to continue processing your data. Otherwise, we will cease the processing at issue.

· If you object to commercial prospection, we will simply cease this type of processing of your Data.

For example, you may object at any time from the moment your Data is collected up to the transfer of your Data to our partners by following the procedure in Article 4.

Withdrawal of consent

When processing your Personal Data requires your consent, we cannot continue to process said data once you withdraw your consent.

Right to limitation

You may request that we suspend processing the data, but not suspend conservation of your Personal Data if:

- you dispute the accuracy of the data (this limitation lasts for the time that we verify the inaccuracy);

- the processing is unlawful and you prefer to limit the processing rather than have the data deleted;

- we no longer need the data, but you believe that they are necessary for proof, or to exercise or defend your rights in court.

- you have filed an objection due to your particular situation and the limitation lasts for the time it takes to consider our rightful interests and your rights and freedom.

If the processing is limited, the Personal Data may only be processed with your consent or upon the exercise and defense of your rights in Court.

Right to portability

· You have the right to receive your Personal Data provided to us in a format that is structured, widely used and readable by machine.

· You also have the right to send this data or to request that we send it to another data controller.

This right applies only to processing based on the person’s consent or upon execution of a contract, which is done with the aid of an automated process.

What happens to the Data in the event of death?

In accordance with the provisions of Article 40-1 of the French Data Protection Act, we hereby inform you that as a natural person:

- You have the right to provide us with instructions related to the conservation, deletion and communication of your Personal Data in the event of your death;

- You may at any time modify or cancel such instructions with us;

- You may designate a person to be responsible for executing these instructions, who will in the event of your death, be informed of said instructions and request their implementation.

You are also hereby informed that if you do not send LOUVRE HOTELS GROUP specific instructions regarding your Personal Data, your heirs, upon your death may exercise the right regarding conservation, deletion and communication of your Personal Data as required by the administration and regulation of your estate, as well as notify LOUVRE HOTELS GROUP of your death.

by sending a letter explaining the purpose of your request to the following address: DPO, Village 5-50 place de l’Ellipse, 92081 La DEFENSE CEDEX

All requests must be signed and accompanied by a photocopy of an identity card and indicate a return address for the response. A response will then be sent within one (1) month following receipt of the request, which may be extended to two (2) months considering the complexity of the request or number of requests.

For all requests on information regarding the processing of your Personal Data, you may contact us at dpo@groupedulouvre.com. Additionally, in accordance with the GDPR, you have the right to file a complaint with the CNIL (French Data Protection Authority).

For all information regarding the protection of Personal Data, you may also visit CNIL’s website.

Personal Data collected are maintained for the duration necessary for executing the purposes as described in Article 3, and extended by the duration of legal requirements.

The primary conservation periods are:

| Purposes | Conservation periods |
| --- | --- |
| Connection data | One (1) year from the connection date observed |
| Guest data | Duration of the contractual relationship, extended by 3 years for the purpose of management and sales |
| Data regarding prospects | 3 years from the last contact with LOUVRE HOTELS GROUP |
| Documents and accounting documents | 10 years, based on the accounting document |
| Data regarding transactions and methods of payment | Duration of the transaction (up until the moment the LOUVRE HOTELS GROUP account is credited, plus the cancellation period, as appropriate, unless you have agreed to a longer period). |

The Personal Data collected is deleted following the occurrence of one of the following events, and subject to compliance with the applicable legal requirements and legal conservation periods:

the end date of the conservation period;

exercise of the right to deletion, in accordance with the French Data Protection Act and the method described in paragraph 4 of this Personal Data Policy;

the Website of LOUVRE HOTELS GROUP is no longer available for whatever reason.

Unless otherwise requested by you (subject to the particular instructions being reasonable and feasible), we will delete all of your Personal Data due to death upon request from a right holder and upon proof of having such a right and proof of your death and in accordance with Article 5 and the applicable conservation periods and applicable requirements.

subsidiaries of LOUVRE HOTELS GROUP or a company within the LOUVRE HOTELS GROUP Network;

technical service providers participating in executing the purposes as described in Article 3, responsible for:

- the execution of Services, reservations and orders, their management and processing;

- after-sales service;

- payment processing and security measures regarding the transmission of payment data;

- market research emails, invitations to register and all other information sent to you by email.

our partners and companies with whom we have sales agreements that allow us to offer combination packages, if you do not object to such;

Social networks, based on the websites visited: Facebook, LinkedIn, Instagram, YouTube and Twitter. We invite you to review the confidentiality policy of the various social networks to be informed of the collection and processing of your Data.

If you do not wish for your Personal Data to be transmitted you may exercise your rights as described in Article 4.

You agree that we may also be obligated to disclose all of your information in order to comply with the Applicable Regulation or to respond to a legal or administrative proceeding.

We implement the appropriate technical and organizational techniques to protect your Personal Data from accidental or unlawful destruction, accidental loss, alteration and unauthorized disclosure or access.

However, we cannot foresee all of the risks associated with the function of the internet and we must underscore the potential for risks inherent to its function.

We also monitor the manner in which our service providers process your Personal Data to the extent that they have provided the sufficient warranties regarding the implementation of appropriate data security measures.

In the event that you identify a security breach affecting the Website, you are required to notify us with the relevant information regarding this breach in a confidential manner.

For execution of our Services, we are required to transmit your Personal Data to recipients (LOUVRE HOTELS GROUPS, service providers, partners) located outside of the European Economic Area (EU, Norway, Iceland and Liechtenstein), primarily to the United States.

In this case, the processing of your Personal Data will be subject to the guarantees offered on the basis of the adequacy decision established by the European Commission, incorporating the required “Privacy Shield”. The Privacy Shield is a mechanism for self-certification for businesses established in the United States. This mechanism has been recognized by the European Commission as offering an adequate level of protection for Personal Data transferred from a European company to a company established in the United States. CNIL also considers this mechanism as sufficient for the legal warranties for the transfer of such data. For more information on the Privacy Shield, you can visit the CNIL website: https://www.cnil.fr/fr/le-privacy-shield.

In any case, all transfer of Personal Data outside of the European Economic Area complies with the requirements of the Applicable Regulation and due to the implementation by LOUVRE HOTELS GROUP of appropriate warranties such as the signature of Standard Contractual Clauses of the European Commission (available here: https://www.cnil.fr/fr/les-clauses-contractuelles-types-de-la-commision-europeenne) with the recipient of the data or by use of the binding corporate rules.

As a User of the Website or Guest of LOUVRE HOTELS GROUP, you hereby acknowledge to be informed of the importance of the accuracy of your Personal Data and that you have verified such on the Website or when communicating with us.

You are also required to only verify Personal Data when communicating with us, entering into an agreement with us, requesting Services and for the period the Website is used, as well as to update the Data immediately if one or more elements of such changes during the duration of the Website or Agreement between us.

You may also request access and correction, as well as oppose or delete said Data as set out in Article 4, among others.

This Personal Data Policy may be subjected to updates which will be published online. The previous Personal Data Policy is hereby rightfully replaced by the new version which shall be immediately effective and binding. Use of the Website is subject to the Personal Data Policy in effect upon the moment of use.

To stay informed of future modifications and updates, we recommend that you review the Personal Data Policy regularly. Notification regarding the updates may be provided by LOUVRE HOTELS GROUP by posting a notice on the Website, but is not required.

You are obligated to be aware of the General Terms of Sale of the Website (hereinafter, “Terms”) and other contractual documents signed with LOUVRE HOTELS GROUP for use of the Website and Services, which together with this Personal Data Policy constitute the enforceable contractual documents.

You are required to strictly comply with the terms herein the Personal Data Policy and the Terms of the Website upon use of the latter.

LOUVRE HOTELS GROUP shall not be liable in the event that: (i) use of your data, such as identification by a third party due to negligence or fault attributed to you; (ii) the Personal Data is incorrect or has not been updated by you; (iii) non-compliance with your obligations regarding the Applicable Regulation, this Personal Data Policy or the Terms and/or other contractual documents applicable to you.

You will be liable for all pecuniary sanctions that may be ordered against LOUVRE HOTELS GROUP for all rulings issued by a French jurisdiction, administrative or judiciary, or issued by an independent administrative authority, such as the CNIL (French Data Protection Authority), following non-compliance of your obligations pertaining to this Personal Data Policy.

In the event that one or more of the clauses herein the Personal Data Policy is declared null and void due to a change in legislation, Applicable Regulation or by a court decision, the validity and obligation to compliance with the other clauses of the Personal Data Policy shall not be affected.

This Personal Data Policy and documents referenced herein are governed by French law.

Means the space provided for a Guest on the Website upon registration, according to the terms established by the Terms of Sale and Terms of Use. This Account is strictly personal, individual and non-transferable to a third party. The Account is accessible using the identifier and password of the Guest.

“Sensitive Data”:

personal data that discloses one’s racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliation to a union, as well as the processing of genetic information and biometric information in order to identify a natural person in a unique manner.

“Personal Data or Data”

Means “any information relating to an identified or identifiable natural person (hereinafter, ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.” according to Article 4 of the EU GDPR.

For example, data that identifies you such as your title, first name, last name and email address are Personal Data.

“European Economic Area”:

territorial zone including the Member States of the European Union, Norway, Liechtenstein and Iceland.

“Applicable Regulation”:

Means the existing or future regulations and standards applicable to User and the Website, namely: legislation and regulation applicable to internet platforms such as the Website and regarding the protection of Personal Data, in addition to the French Data Protection Act and the EU GDPR.

“Our Hotels” or our “Network”:

all franchised entities of LOUVRE HOTELS GROUP or managed by LOUVRE HOTELS GROUP, or any subsidiary of LOUVRE HOTELS GROUP that operates a business under a trademark of the LOUVRE HOTELS GROUP.

“Service”:

Means the hotel services and related services offered to Guests by LOUVRE HOTELS GROUP via the Website as defined in the General Terms of Sale and in person at our Hotels.

“Website”:

all websites published by LOUVRE HOTELS GROUP presented under the domain name of LOUVRE HOTELS GROUP or presented under the domain name of one of its trademarks.

“Device”

Means the various technical means allowing the User to access the Website. The Devices may be Smartphones, tablets (Apple or Android), microcomputers via the internet and all objects connected or able to connect to another object, in addition to the internet.

“User”:

Means all natural persons accessing the Website personally or on behalf of a legal entity and having the capacity to enter into agreements on the Website, as a Visitor or Guest.

“Visitor”:

Means any internet user, natural person, viewing the Website using a Device, who is not necessarily a Guest.